Vulnerability Description
Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Radare | Radare2 | < 5.6.8 |
Related Weaknesses (CWE)
References
- https://github.com/radareorg/radare2/commit/153bcdc29f11cd8c90e7d639a7405450f644 (Patch, Third Party Advisory)
- https://huntr.dev/bounties/52b57274-0e1a-4d61-ab29-1373b555fea0 (Exploit, Third Party Advisory)
FAQ
What is CVE-2022-1296?
CVE-2022-1296 is an out-of-bounds read in the `r_bin_ne_get_relocs` function in the GitHub repository radareorg/radare2 prior to 5.6.8, with a CVSS score of 9.1 (CRITICAL). This vulnerability may allow attackers to read sensitive information or cause a crash.
How severe is CVE-2022-1296?
CVE-2022-1296 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-1296?
Check the references section above for vendor advisories and patch information. Affected products include: Radare Radare2.